Your generous donations help keep this site online! Click here to support cexx.org.

Foistware: Liveshows Dialer



Liveshows is a dialler program, a poular item among some adult Web sites. A dialer, often advertised as a 'viewer' for adult materials, uses your computer's modem to dial a high-charge per-minute phone number (e.g. 1-900 [US] or 0190 [Ger.]), often in another country. Some dialers may also silently disconnect and reconnect your modem even as you are surfing the Web, as soon as the program is executed.
 
This particular dialer is configurable by each site that wants to distribute it, and there are a number of variations with unique filenames and behaviours. Carol writes:
 

There are... at least 5 or 6 that I've seen that are {ahem} advertised via 
spam.  One of them does not install the registry entry and the file that runs
at startup to reinstall it.  The others use various names for that file, the
dialer files themselves, and the shortcuts.

100% of the ones I've tracked have come as a voluntary download from a
website, usually advertised as XXX pictures, movies, etc.  It doesn't SAY
it's a dialer but it doesn't automatically load (via Active-X or JS) and it
doesn't hide the fact that it's porn when it comes to the download, though
the spam email that originally leads to the site MAY well be misleading. 
This dialer also does not dial by itself.  These are the reasons you won't
find it classified as a trojan.  Those that visit the site on first contact
with an internet connection, pop up a page even offline, dial by themselves,
or do tricks like the Connect2party in which the uninstaller actually
REinstalls, are classified as trojans.


Infection Method
A Liveshows installer reportly comes as an attachment in a piece of unsolicited email. It is also installed from some adult Web sites (see Carol's note above). If executed, a window may appear every time the computer is started, hounding the user to accept a set of Terms and install the dialer. The installer may also add install links to the Start menu and desktop, which might re-appear after they are deleted.
 

Removal Procedure

Carol provides the following removal instructions for the Liveshows dialer in its many variations: 

"If you have tried to delete these icons and the files they point to but it all comes back when you restart your computer, this is for you.

This applies to the most current version known and prevalent at the moment, and a few variations.

1. Right-click on the desktop shortcut icon and select Properties from the menu. Make note of the information in the Target box. These are some of the files you will need to remove. It may look like C:\liveshows\dialer.exe or there may be other variations. Write it down exactly as it appears and close the Properties window.

2. Open Windows Explorer or MyComputer. Open C: (or the drive on which it appears). Look in C: (no folder) for the files FINDFAST.EXE, filez.exe, sexypicz.exe, cams.exe, or a file with a "sex" name or an icon that matches the icon on your desktop. This will be the file you need to search for in the Windows Registry in Step 4. You won't be able to delete this file right now. Write down the name and leave this window open.

Edit the Registry If at any time what you are seeing does not seem to match the description here, STOP, close the Registry Editor, and ask for help. It is very important that you not delete the wrong item from the Registry.

3. Click Start then Run. Type REGEDIT in the box, then click OK. You should get a small window that says "Registry Editor" at the top.

---------------------------
Back up the Registry. If you don't know for sure that your computer is automatically keeping backup copies of your Registry, it is best to make a backup before going further. From the Registry Editor's REGISTRY menu, click on EXPORT REGISTRY FILE. You should get a file manager box ready to save it to Desktop. Name the file BACKUP.REG and make sure the Export Range is set to ALL, then click SAVE. Then continue with the instructions. Delete the Backup.reg from your desktop once you have verified that Liveshows has been permanently removed and your computer is otherwise operating normally.
---------------------------

4. From the Registry Editor's EDIT menu, click on FIND. Search for the file identified in step *2* above.

5. When found, verify that the NAME column says "SystemTasks" and the DATA column identifies the file found in Step *2* above, like "C:\sexypicz.exe" or "C:\filez.exe" or "C:\FINDFAST.EXE" and that it is highlighted. Careful: If that file is FINDFAST.EXE be sure it is "C:\FINDFAST.EXE" and NOT the one in C:\Program Files\. The one in Program Files is part of MS Office. If you find the Program Files one, key F3 on your keyboard to continue searching.

6. Once you have found the one whose DATA refers to your file in C: and verified that it is highlighted, then use the Delete key on your keyboard to delete that entry. Key F3 on your keyboard to continue searching until you get the notice that the search is complete.

7. Close the Registry Editor from "Registry" menu -> Exit.

8. Right-click and Delete the desktop shortcut and the Start menu shortcut. Delete the files identified in Step 1. If you have identified the "diallerprograms" folder in the Program Files, be sure to delete only the "diallerprograms" folder and NOT the Program Files folder. Restart your computer

9. The shortcuts should not reappear. Now delete the file identified in Step 2. Once that is done you are finished.
"


Links
Newsgroup query of Liveshows dialer removal (Google Groups)

Up (Adware)
HomeE-mailCopyrights and Disclaimers



 

"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)